Public bug reported:

Ubuntu 24.04.3 LTS
Release 24.04
Architecture amd64
fwknop-client 2.6.10-20.2build3

CONFIGURATION
=============
My .fwknoprc file has two configurations: one using Rijndael encryption and another using GPG encryption. See below the contents of .fwknoprc.

OBSERVED BEHAVIOUR
==================
When using Rijndael encryption, fwknop terminates successfully. The SPA packet is received by the server.

When using GPG encryption, fwknop terminates as follows, before I get a chance to enter the passphrase for the gpg key. No SPA packet is received by the server (obviously).

ubuntu@tstnoble:~$ fwknop -v -n spa_with_gnupg
[+] Resolved external IP (via '/usr/bin/wget -U Fwknop/2.6.10 --secure-protocol=auto --quiet -O - https://www.cipherdyne.org/cgi-bin/myip') as: xxx.xxx.xxx.xxx
[+] GPG mode set, signing passphrase acquired via gpg-agent
*** buffer overflow detected ***: terminated
Aborted (core dumped)

EXPECTED BEHAVIOUR
==================
I expect fwknop to terminate successfully after sending an SPA packet encrypted with GPG.

ADDITIONAL INFORMATION
======================
Tested with official packages from Ubuntu:
fwknop-client 2.6.10-20.2build3
gpg 2.4.4-2ubuntu17.3
gpg-agent 2.4.4-2ubuntu17.3
libgpgme11t64:amd64 1.18.0-4.1ubuntu4
RESULTS: see above.

ALSO TESTED on same system with current packages from https://repos.gnupg.org/deb/gnupg/noble/:
gpg 2.4.8-2
gpg-agent 2.4.8-2
libgpgme11t64:amd64 1.24.3-2
RESULTS: same result as above: fwknop fails with buffer overflow

ALSO TESTED on Debian 12 Bookworm with the following (official) packages:
fwknop-client 2.6.10-16
gpg 2.2.40-1.1+deb12u1
gpg-agent 2.2.40-1.1+deb12u1
libgpgme11:amd64 1.18.0-3+b1
RESULTS: On Debian Bookworm, fwknop works as expected.

CONTENTS OF CONFIGURATION FILE
==============================
$ cat .fwknoprc
[default]
USE_HMAC Y
HMAC_KEY_BASE64 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ACCESS tcp/22
ALLOW_IP resolve
RESOLVE_IP_HTTPS Y

[spa_with_rijndael]
SPA_SERVER xxx.xxx.xxx.xxx
SPA_SERVER_PORT 63772
SPA_SERVER_PROTO udp
KEY_BASE64 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[spa_with_gnupg]
SPA_SERVER xxx.xxx.xxx.xxx
SPA_SERVER_PORT 63772
SPA_SERVER_PROTO udp
USE_GPG Y
USE_GPG_AGENT Y
GPG_HOMEDIR /home/ubuntu/.gnupg
GPG_EXE /usr/bin/gpg
# gpg key of client - rsa2048
GPG_SIGNER 558708C6BF84459E
# gpg key of server - rsa2048
GPG_RECIPIENT 6AF5CDD31C2DA406
#--EOF--

DEBUG INFORMATION
=================
ubuntu@tstnoble:~$ sudo apt install gdb
...
ubuntu@tstnoble:~$ gdb --args fwknop -v -n spa_with_gnupg
...
(gdb) run
Starting program: /usr/bin/fwknop -v -n spa_with_gnupg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Detaching after fork from child process 1838]
[+] Resolved external IP (via '/usr/bin/wget -U Fwknop/2.6.10 --secure-protocol=auto --quiet -O - https://www.cipherdyne.org/cgi-bin/myip') as: xxx.xxx.xxx.xxx
[Detaching after fork from child process 1839]
[Detaching after fork from child process 1841]
[Detaching after fork from child process 1843]
[Detaching after fork from child process 1845]
[Detaching after fork from child process 1847]
[Detaching after fork from child process 1849]
[Detaching after fork from child process 1851]
[+] GPG mode set, signing passphrase acquired via gpg-agent
*** buffer overflow detected ***: terminated

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
warning: 44 ./nptl/pthread_kill.c: No such file or directory
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007ffff7c4527e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff7c288ff in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007ffff7c297b6 in __libc_message_impl (fmt=fmt@entry=0x7ffff7dce765 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:134
#6 0x00007ffff7d36c49 in __GI___fortify_fail (msg=msg@entry=0x7ffff7dce74c "buffer overflow detected") at ./debug/fortify_fail.c:24
#7 0x00007ffff7d36604 in __GI___chk_fail () at ./debug/chk_fail.c:28
#8 0x00007ffff7d37de5 in ___snprintf_chk (s=<optimized out>, maxlen=<optimized out>, flag=<optimized out>, slen=<optimized out>, format=<optimized out>) at ./debug/snprintf_chk.c:29
#9 0x00007ffff7faaf29 in fko_encrypt_spa_data () from /lib/x86_64-linux-gnu/libfko.so.3
#10 0x00007ffff7faec6b in fko_spa_data_final () from /lib/x86_64-linux-gnu/libfko.so.3
#11 0x0000555555558ccc in ?? ()
#12 0x00007ffff7c2a1ca in __libc_start_call_main (main=main@entry=0x5555555580a0, argc=argc@entry=4, argv=argv@entry=0x7fffffffe9b8) at ../sysdeps/nptl/libc_start_call_main.h:58
#13 0x00007ffff7c2a28b in __libc_start_main_impl (main=0x5555555580a0, argc=4, argv=0x7fffffffe9b8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe9a8) at ../csu/libc-start.c:360
#14 0x000055555555a7e5 in ?? ()
(gdb)

** Affects: fwknop (Ubuntu)
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2131672

Title:
  fwknop-client: buffer overflow when using GPG encryption
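
The abort in frames #7 and #8 of the backtrace (`___snprintf_chk` calling `__chk_fail`) is glibc's fortify check: it fires when the size argument given to `snprintf` is larger than the destination size the compiler recorded, whether or not the formatted text would actually fit. The following is an added example, not code from fwknop or from the bug report; the helper `fortify_aborts` and all sizes and strings are constructed for illustration, and it assumes a glibc system.

```c
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* glibc's exported fortify entry point (frame #8 in the backtrace).
 * maxlen: the size argument the caller passed to snprintf
 * slen:   the destination size recorded by the compiler at build time */
extern int __snprintf_chk(char *s, size_t maxlen, int flag, size_t slen,
                          const char *format, ...);

/* Hypothetical helper: run one fortified call in a child process so the
 * abort can be observed without killing the caller.
 * Returns 1 if glibc aborted the child (SIGABRT), 0 if the call returned
 * normally, -1 on any other outcome. */
int fortify_aborts(size_t claimed_len, size_t recorded_len, const char *text)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Really 64 bytes, so no constructed case below can corrupt memory;
         * only the two size arguments differ between cases. */
        char buf[64];
        __snprintf_chk(buf, claimed_len, 1, recorded_len, "%s", text);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT)
        return 1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    /* Size argument matches the recorded size: long input is truncated. */
    printf("16/16, long text : %d\n",
           fortify_aborts(16, 16, "constructed text longer than sixteen"));
    /* Size argument exceeds the recorded size: abort even for 2 bytes. */
    printf("32/16, short text: %d\n", fortify_aborts(32, 16, "hi"));
    /* Size argument below the recorded size: always accepted. */
    printf(" 8/16, short text: %d\n", fortify_aborts(8, 16, "hi"));
    return 0;
}
```

The second case prints the same `*** buffer overflow detected ***: terminated` banner seen in the report, although the two-byte string would have fit.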
